Google Chrome 68 HTTP treatment

Google announced earlier today plans to mark all HTTP sites as "Not Secure" in Chrome, starting with July 2018, when the company plans to release Google Chrome 68.

The company's decision comes after HTTPS adoption increased among website owners and a large chunk of today's traffic is now encrypted.

Google said that more than 68% of Chrome traffic on both Android and Windows and over 78% of Chrome traffic on both Chrome OS and Mac, is now being sent via HTTPS.

Google has been preparing for this

The decision to mark all HTTP sites as "Not Secure" in the URL address bar is part of the company's larger strategy.

The first stage of this plan rolled out with Chrome 56 when Google marked all HTTP pages as "Not Secure" if the pages contained password or payment card fields.

The second stage took place with Chrome 62 when Google marked all HTTP pages opened in a Private Browsing window as "Not Secure."

July's Chrome 68 release will mark this process' third and final stage.

Google is not alone in its decision to penalize all HTTP sites. Mozilla started this trend in December last year when engineers started laying the groundwork for Firefox to mark all HTTP sites as "Not Secure" as well.

Unlike Google, the Mozilla Foundation did not announce a deadline when it planned to activate this new policy. Just like Google, Mozilla cited the same rise in HTTPS adoption as the main reason to make the switch to an "HTTP-not-secure-by-default" policy.

Wth today's announcement, Google also said it improved its Lighthouse app to include checks for a website's HTTPS-related settings.

Related Articles:

Chrome Enterprise gets Premium security but you have to pay for it

Google fixes one more Chrome zero-day exploited at Pwn2Own

New Chrome feature aims to stop hackers from using stolen cookies

Google agrees to delete Chrome browsing data of 136 million users

Google fixes Chrome zero-days exploited at Pwn2Own 2024